Cyber Security Industry Alliance Newsletter •  Volume 2, Number 11  • Summer 2006

Legislative Update

Click the bill number to view detailed information about the bill from The Library of Congress Thomas Legislative Information site at http://thomas.loc.gov/.

Spyware
Bill Number   S. 687
Title Software Principles Yielding Better Levels of Consumer Knowledge Act (SPYBLOCK Act)
Sponsor Senator Conrad Burns (R-MT)
Co-Sponsors Sen. Ron Wyden (D-OR), Sen. Bill Nelson (D-FL), Sen. Barbara Boxer (D-CA), Sen. Olympia Snowe (R-ME)
Summary S. 687 regulates the unauthorized installation of computer software, to require clear disclosure to computer users of certain computer software features that may pose a threat to user privacy. CSIA worked closely with Senator Wyden's staff to include the Good Samaritan provision, protecting anti-spyware software firms from frivolous lawsuits.
Latest Update Introduced on March 20, 2005; referred to Committee on Commerce, Science, and Transportation; on November 17, 2006, it was voted out of committee. On June 12, 2006, the bill was reported favorably out of committee with an amendment in the nature of a substitute, and was placed on the legislative calendar.
 
Bill Number   S. 1004
Title The Enhanced Consumer Protection Against Spyware Act of 2005
Sponsor Senator George Allen (R-VA)
Co-Sponsors Sen. John Ensign (R-NV), Sen. Gordon Smith (R-OR), Sen. John E. Sununu (R-NH), Sen. Michael B. Enzi (R-WY), Sen. Jim DeMint (R-SC)
Summary This bill provides the Federal Trade Commission (FTC) with the resources necessary to protect users of the Internet from the unfair and deceptive acts and practices associated with spyware.
Latest Update S. 1004 was introduced on May 11, 2005 and was referred to the Senate Committee on Commerce, Science and Transportation. It was defeated in a hearing on November 17, 2005.
 
Bill Number   S. 1608
Title U.S. SAFE WEB Act of 2005
Sponsor Sen. Gordon H. Smith (R-OR)
Co-Sponsors Sen. Daniel K. Inouye (D-HI), Sen. John McCain (R-AZ), Sen. Bill Nelson (D-FL)
Summary S.1608 enhances Federal Trade Commission enforcement against illegal spam, spyware, and cross-border fraud and deception. Specifically, it amends the Federal Trade Commission Act to include within the term "unfair or deceptive acts or practices" those acts or practices involving foreign commerce that: (1) cause or are likely to cause reasonably foreseeable injury within the United States; or (2) involve material conduct occurring within the United States; includes as remedies restitution to domestic or foreign victims. S.1608 grants the FTC power to transmit to the Attorney General evidence of a violation of federal criminal law by any person, partnership, or corporation, either domestic or foreign; and authorizes the FTC to designate its attorneys to assist the Attorney General with litigation in foreign courts on particular matters in which it has an interest. The bill also prescribes procedural guidelines for sharing by FTC with foreign law enforcement agencies of information obtained pursuant to compulsory process or investigation. Voluntary providers of information, including certain financial institutions, are shielded from liability.
Latest Update Introduced on 7/29/2005 and referred to the Committee on Commerce, Science, and Transportation; Scheduled for mark-up on 12/15/2005. Passed out of committee on that date.  On February 16, 2006, S. 1608 passed out of the Senate without amendment by Unanimous Consent.  On March 28th, it was received in the House and referred to the House Energy and Commerce Committee.  On April 19th, S. 1608 was referred to the Subcommittee on Commerce, Trade and Consumer Protection
 
Bill Number   H.R. 29
Title Securely Protect Yourself Against Cyber Trespass Act (The SPY ACT)
Sponsor Rep. Mary Bono (R-CA)
Co-Sponsors H.R. 29 has 61 Co-Sponsors
Summary Protects users of the Internet from unknowing transmission of their personally identifiable information through spyware programs. H.R. 29 is geared toward the industry by instituting a system of checks and balances to stop companies from obtaining a user's information via spyware; fines may be administered for such actions.
Latest Update Introduced January 4, 2005; and referred to the House Committee on Energy and Commerce; passed the House Subcommittee on Commerce, Trade and Consumer Protection on February 4, 2005; on March 9, 2005 the full committee ordered the bill to be reported by a vote of 43-0; reported out by the Committee on Energy and Commerce on April 12, 2005; on May 23, 2005 the bill passed the House by a vote of 393-4, and will have to be merged with H.R. 744, which was also passed on May 23, 2005. On May 24, 2005 H.R. 29 was sent to the Senate and referred to the Committee on Commerce, Science, and Transportation.
 
Bill Number   H.R. 744
Title Internet Spyware (I-SPY) Prevention Act of 2005 (I-SPY ACT)
Sponsor Rep. Bob Goodlatte (R-VA)
Co-Sponsors H.R. 744 has 13 Co-Sponsors
Summary Identifies specific acts as criminal offenses in an effort to discourage spyware. This legislation was originally introduced during the 108th Congress and passed the House of Representatives by a vote of 415-0.
Latest Update Introduced on February 10, 2005 and referred to the House Committee on the Judiciary. On May 23, 2005 H.R. 744 passed the House by a vote of 395-1, and on May 24, 2005 it was sent to the Senate and referred to the Committee on the Judiciary.
Phishing
Bill Number   S. 472
Title Anti-Phishing Act of 2005
Sponsor Senator Patrick Leahy (D-VT)
Co-sponsor Sen. Charles Schumer (D-NY)
Summary Criminalizes phishing, making it illegal to knowingly carry on any activity that links to websites with the intention of committing a crime; penalizes those who falsely represent themselves as being a legitimate online business and solicit e-mail recipients to provide identification to the phisher. S. 472 is similar to H.R. 1099.
Latest Update Introduced on February 28, 2005 and referred to the Senate Judiciary Committee.
 
Bill Number   H.R. 1099
Title Anti-Phishing Act of 2005
Sponsor Rep. Darlene Hooley (D-OR)
Co-Sponsors Rep. Ed Case (R-HI), Rep. Eliot L. Engel (D-NY), Rep. Carolyn McCarthy (D-NY)
Summary H.R. 1099 criminalizes phishing, making it illegal to knowingly carry on any activity that links to websites with the intention of committing a crime. The legislation is also intended to penalize those who falsely represent themselves as being a legitimate online business and solicits an e-mail recipient to provide identification to the phisher. This legislation is similar to S. 472.
Latest Update Rep. Dooley introduced H.R. 1099 on March 3, 2005 when it was then referred to the House Committee on the Judiciary. On May 10, 2005 it was then referred to the Subcommittee on Crime, Terrorism, and Homeland Security.
Privacy / Identity Theft Protection / Data Warehouses
Bill Number   S. 29
Title Social Security Number Misuse Prevention Act
Sponsor Senator Dianne Feinstein (D-CA)
Co-Sponsors Sen. Patrick Leahy (D-VT), Sen. Judd Gregg (R-NH), Sen. John E. Sununu (R-NH), Sen. Bill Nelson (D-FL)
Summary This bill amends the Federal criminal code to prohibit the display, sale, or purchase of social security numbers without the affirmatively expressed consent of the individual, except in specified circumstances. It directs the Attorney General to study and report to Congress on all the uses of social security numbers permitted, required, authorized, or excepted under any Federal law, including the impact of such uses on privacy and data security. S. 29 establishes a public records exception to the prohibition and directs the Comptroller General to study and report to Congress on social security numbers in public records. The Attorney General is granted rulemaking authority to enforce this Act's prohibition and to implement and clarify the permitted uses occurring as a result of an interaction between businesses, governments, or business and government.

S. 29 seeks to limit misuse of Social Security numbers and establishes criminal penalties for such misuse.
Latest Update S. 29 was introduced on Jan. 24, 2005 by Senator Feinstein and was referred to the Committee on the Judiciary.
 
Bill Number   S. 116
Title Privacy Act of 2005
Sponsor Senator Dianne Feinstein (D-CA)
Summary S. 116 prohibits the sale and disclosure of personally identifiable information by a commercial entity to a non-affiliated third party unless prescribed procedures for notice and opportunity to restrict such disclosure have been followed. The bill grants the Federal Trade Commission (FTC) enforcement authority. S. 166 also amends Federal criminal law to prohibit the display, sale, or purchase of social security numbers (SSNs) without the affirmatively expressed consent of the individual. This legislation prohibits the use of SSNs on checks issued for payment by governmental agencies and driver's licenses or motor vehicle registrations. It prohibits a commercial entity from requiring disclosure of an individual's SSN in order to obtain goods or services, and it establishes criminal and civil monetary penalties for misuse of an SSN.

S. 116 requires the consent of an individual prior to the sale and marketing of an individual's personally identifiable information.
Latest Update S. 116 was introduced on Jan. 24, 2005 by Senator Feinstein and was referred to the Committee on the Judiciary.
 
Bill Number   S. 500
Title Information Protection and Security Act
Sponsor Senator Bill Nelson (D-FL)
Co-sponsor Sen. Hillary Clinton (D-NY)
Summary S. 500 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, S. 500 authorizes enforcement by FTC and allows individuals the right to private action against the brokers.
Latest Update Senator Nelson introduced the Information Protection and Security Act on March 3, 2005 and it was then referred to the Committee on Commerce, Science, and Transportation. S. 500 is identical to H.R. 1080, sponsored by Rep. Ed Markey (D-MA).
 
Bill Number   S. 751
Title Notification of Risk to Personal Data Act
Sponsor Senator Dianne Feinstein (D-CA)
Co-Sponsors Sen. Mark Dayton (D-MN), Sen. John Kyl (R-AZ)
Summary S. 751 requires a business or government entity to notify an individual in writing or email when it is believed that personal information has been compromised, with the exception of situations relating to criminal investigation or national security purposes. Examples of personal information include: Social Security number, driver's license or state identification number, or credit card or bank account information. The bill covers both electronic and non-electronic data, as well as encrypted and non-encrypted data. This bill is based on California law, which is the first and currently the only State law requiring notification of individuals.
Latest Update S. 751 was introduced on April 11, 2005 and referred to the Committee on the Judiciary.
 
Bill Number   S. 768
Title Comprehensive Identity Theft Prevention Act
Sponsor Senator Charles Schumer (D-NY)
Co-Sponsors Sen. Bill Nelson (D-FL), Sen. Mark Dayton (D-MN), Sen. Edward Kennedy (D-MA), Sen. Barbara Boxer (D-CA), Sen. Byron Dorgan (D-ND)
Summary S. 768 creates a new Federal Trade Commission (FTC) office of identity theft to help victims restore their identities. This office will promulgate regulations for data brokers, governing the sale, maintenance, collection, or transfer of sensitive personal information, including a requirement that reasonable steps are taken to prevent unauthorized access to sensitive personal information; penalties have been established for violators. The bill includes a breach notification provision. S. 768 also establishes an annual identity theft report, will not interfere with provisions of the Fair Credit Reporting Act, and preempts state law.
Latest Update S. 768 was introduced on April 12, 2005 and referred to the Committee on Commerce, Science, and Transportation.
 
Bill Number   S. 1216
Title Financial Privacy Breach Notification Act of 2005
Sponsor Senator Jon Corzine (D-NJ)
Co-Sponsor Sen. Christopher J. Dodd (D-CT)
Summary This bill amends the Gramm-Leach-Bliley Act to require a financial institution to promptly notify the following entities whenever a breach of personal information has occurred at such institution: each customer affected by such breach; certain consumer reporting agencies; and appropriate law enforcement agencies. Furthermore, it requires any person that maintains personal information for or on behalf of a financial institution to promptly notify the institution of any case in which such customer information has been breached. Prescribes notification procedures. Finally, it authorizes a customer injured by a violation of this Act to institute a civil action to recover damages and authorizes the Federal Trade Commission to enforce compliance with this Act, including the assessment of fines for violations.
Latest Update S. 1216 was introduced on June 9, 2005 and was referred to the Senate Committee on Banking, Housing, and Urban Affairs.
 
Bill Number   S. 1326
Title Notification of Risk to Personal Data Act
Sponsor Senator Jeff Sessions (R-AL)
Summary Defines "breach of security of the system" as compromise of the security of computerized data that provides a reasonable basis to conclude that sensitive personal information is at significant risk of identity theft. S. 1326 requires any entity that owns or licenses sensitive personal information to implement and maintain "reasonable" security and notification procedures and practices appropriate to the nature of the information; preempts any state laws which relate "in any way to electronic information security standards or notification."
Latest Update S.1326 was introduced on June 28, 2005 and referred to the Committee on the Judiciary. The Committee scheduled July 21, 2005 to review and mark-up the bill, but will meet separately with member of the Senate Commerce Committee on this and other related legislation. On October 20, 2005 S. 1326 was reported out of Committee and placed on the Senate Legislative Calendar.
 
Bill Number   S. 1332
Title Personal Data Privacy and Security Act of 2005
Sponsor Senator Arlen Specter (R-PA)
Co-Sponsors Sen. Patrick Leahy (D-VT), Sen. Russell Feingold (D-WI)
Summary S. 1332 deals with different issues relating to identity theft and security breaches, specifically providing security measures that require "business entities" that have info on more than 10,000 US persons to adopt measures, commensurate with the sensitivity of the data and the size and complexity of the entities activities. This bill would encourage the Federal Trade Commission to create a new standard for reasonable security practices, including creating regulations that require covered entities to develop, implement, and maintain an effective information security program that contains administrative, technical, and physical safeguards for sensitive personal information, taking into account the use of technological safeguards, including encryption, truncation, and other safeguards available or being developed for such purposes; require procedures for verifying the credentials of any third party seeking to obtain the sensitive personal information of another person; and require disposal procedures to be followed by covered entities that dispose of sensitive personal information; or transfer sensitive personal information to third parties for disposal. It does not require total federal preemption of any similar state law except to the extent that the state law is inconsistent with this title.
Latest Update This bill was introduced on June 29, 2005 and placed on the Senate Legislative Calendar. On July 1, 2005 it was placed on the Senate Legislative Calendar under General Orders.
 
Bill Number   S. 1336
Title Consumer Identity Protection and Security Act
Sponsor Senator Mark Pryor (D-AR)
Summary This bill establish procedures for the protection of consumers from misuse of, and unauthorized access to, sensitive personal information contained in private information files maintained by commercial entities engaged in, or affecting, interstate commerce. More specifically any consumer may request a consumer reporting agency to place a "security freeze" on their private information file if they feel their information has been compromised. The consumer reporting agency must freeze the information no later than 2 business days after receiving a written or telephone request from the consumer or 24 hours after receiving a secure electronic mail request, and must inform the consumer of the enacted freeze. The freeze will only be terminated if the consumer requests the termination or if the consumer reporting agency determines the freeze was requested due to a material misrepresentation of fact by the consumer.
Latest Update S. 1336 was introduced on June 29, 2005 and was referred to the Senate Committee on Commerce, Science, and Transportation.
 
Bill Number   S. 1408
Title Identity Theft Protection Act
Sponsor Senator Gordon Smith (R-OR)
Co-Sponsors Sen. Ben Nelson (D-FL), Sen. Daniel Inouye (D-HI), Sen. John McCain (R-AZ), Sen. Mark Pryor (D-AR), Sen. Ted Stevens (R- AK), Sen. Hillary Rodham Clinton (D- NY), Sen. Lisa Murkowski (R-AK)
Summary S. 1408 strengthens data protection and safeguards, requires data breach notification, and further prevents identity theft. Specifically, S. 1408 allows consumers to "freeze" their credit and requires companies to "develop, implement and maintain an effective information security program." Any entity, whether commercial or non-profit, could be fined $11,000 for each person who experiences a security breach; penalties would be capped at $11 million. Entities with breaches affecting more than 1,000 individuals must notify the FTC, and the agency must publish that information on its Web site. Companies must establish procedures to verify the identities of third parties that want to buy sensitive consumer information. S. 1408 prohibits the "covered entities" from using Social Security numbers in transactions unless their business is dependant on the numbers. Finally, "reasonable" risk of fraud would be the standard for triggering notice of security breaches to consumers (rather than the higher standard of "substantial" risk found in S. 751).

Under this bill, the FTC will promulgate regulations that require covered entities to develop, implement, and maintain an effective information security program that contains administrative, technical, and physical safeguards for sensitive personal information, taking into account the use of technological safeguards, including encryption, truncation, and other safeguards available or being developed for such purposes; require procedures for verifying the credentials of any third party seeking to obtain the sensitive personal information of another person; and require disposal procedures to be followed by covered entities that dispose of sensitive personal information; or transfer sensitive personal information to third parties for disposal.

This bill also requires the Chairman of the FTC to establish an Information Security Working Group to develop best practices to protect sensitive personal information stored and transferred. The Working Group shall be composed of industry participants, consumer groups, and other interested parties; the group would be required to submit to Congress a report on their findings with 12 months of the establishment of the working group.
Latest Update S. 1408 was introduced on July 14, 2005 and referred to the Committee on Commerce, Science and Transportation. On July 28, 2005 the Commerce Committee ordered S. 1408 to be reported with an amendment in the nature of a substitute. On December 8, 2005, the bill was reported out with an amendment in the nature of a substitute. Placed on the Senate Legislative Calendar under General Orders.
 
Bill Number   S. 1461
Title Consumer Identity Protection and Security Act
Sponsor Sen. Richard Shelby (R-AL)
Summary S. 1461 establishes procedures for the protection of consumers from misuse of, and unauthorized access to, sensitive personal information contained in private information files maintained by commercial entities engaged in, or affecting, interstate commerce, provide for enforcement of those procedures by the Federal Trade Commission.
Latest Update S. 1461 was introduced on July 21, 2005 and referred to the Committee on Banking, Housing and Urban Affairs.
 
Bill Number   S. 1594
Title Financial Privacy Protection Act of 2005
Sponsor Sen. Corzine (D-NJ)
Summary S. 1594 amends the Gramm-Leach-Bliley Act to require each financial institution to develop and maintain a security system designed to prevent any breach with respect to its customer information. The bill prescribes guidelines for: (1) federal functional regulators to issue regulations governing a customer information security system; and (2) financial institutions to notify customers of unauthorized access to customer information.

S. 1594 provides for: (1) civil action for damages by a customer adversely affected by a violation of this Act; (2) injunctions against a financial institution in violation or potential violation of this Act; and (3) civil enforcement actions by state Attorneys General.

Finally, S. 1594 amends the Fair Credit Reporting Act to: (1) require a consumer reporting agency to trigger a fraud alert in a consumer file upon notification by a consumer of a data security breach or suspected breach under this Act; and (2) prohibit the user of a consumer report to take any adverse action with respect to a consumer based solely on the inclusion of a fraud alert, extended alert, or active duty alert in the file of that consumer.
Latest Update Introduced on July 29, 2005 and referred to the Committee on Banking, Housing, and Urban Affairs.
 
Bill Number   S. 1789
Title Personal Data Privacy and Security Act of 2005
Sponsor Sen. Arlen Specter (R-PA)
Co-Sponsors Sen. Russell D. Feingold (D-WI), Sen. Dianne Feinstein (D-CA), Sen. Patrick Leahy (D-VT)
Summary S. 1789 aims to prevent and mitigate identity theft, ensure privacy, provide notice of security breaches, and enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.
Latest Update Introduced on September 29, 2005 and referred to the Committee on the Judiciary. On October 20 and October 27, 2005 S. 1789 was considered and held over for the next meeting. On November 17, 2005 by a 13-5 vote, the Senate Judiciary Committee approved S. 1789.
 
Bill Number   S. 2169
Title Financial Data Protection Act of 2005
Sponsor Sen. Thomas R. Carper (D-DE)
Co-Sponsor Sen. Mel Martinez (R-FL)
Summary S.2169 amends the Fair Credit Reporting Act to provide for secure financial data. Specifically, it requires consumer reporters to implement and maintain "reasonable policies and procedures" that protect sensitive financial personal information of consumers. If a breach occurs, the consumer reporter must promptly notify specific entities, and take measures to repair the breach and restore the security and confidentiality of the sensitive financial personal information, and take reasonable measures to restore the integrity of the affected data security safeguards.
Latest Update Introduced on December 12, 2005 and referred to the Senate Committee on Banking Housing and Urban Affairs. The text of S.2169 is identical to the bill introduced in the House Financial Services Committee with the bill number HR 3997.
 
Bill Number   S. 3506
Title Data Theft Prevention Act of 2006
Sponsor Sen. Daniel K. Akaka (D-HI)
Co-Sponsors There are 11 co-sponsors.
Summary S. 3506 would establish Federal penalties for anyone, whether a government employee or government contractor, who knowingly and without authorization views, uses, downloads, or removes any means of identification or individually identifiable health information that is in a Federal database; this legislation would apply to all Federal departments and agencies. The legislation would also create penalties for those who would use any such personal information for criminal purposes. S. 3506 would compliment existing Federal personal information security policies and emphasize the need for all Federal departments and agencies to review existing policies and clearly define employees who are and are not authorized to use, view, or download personal information
Latest Update S. 3506 was introduced on June 13, 2006 and referred to the Committee on the Judiciary.
 
Bill Number   S. 3531
Title To appropriate $430,000,000 for medical care for veterans and $70,000,000 to improve the security for personal data of veterans held by the Department of Veterans Affairs, and for other purposes.
Sponsor Sen. Patty Murray (D-WA)
Summary This bill appropriates $70,000,000 to improve the security for personal data of veterans held by the Department of Veterans Affairs and to provide remedial assistance to veterans who have had personal data stolen from the Department of Veterans Affairs.
Latest Update S. 3531 was introduced on June 16, 2006 and referred to the Senate Appropriations Committee.
 
Bill Number   NEW! S. 3568
Title Data Security Act of 2006
Sponsor Sen. Robert Bennett (R-UT)
Co-Sponsor Sen. Tom Carper (D-DE)
Summary S. 3568 protects information relating to consumers, and requires notice of security breaches. This bill refers to entities that engage in financial activities under section 4(k) of the Bank Holding Company Act and financial institutions, as well as entities that maintain or possess information subject to the Fair Credit Reporting Act’s disposal rule, and any other entities that maintain or communicate sensitive personal or account information. The covered entity must implement and maintain reasonable policies and procedures to protect the confidentiality and security of sensitive account and personal information maintained or communicated by or on behalf of such entity from unauthorized use that is reasonably likely to result in substantial harm or inconvenience to the consumer. S. 3568 preempts state laws. Under S. 3568, financial institutions are deemed in compliance with the safeguarding obligation if they maintain policies and procedures consistent with section 501(b) of GLB that cover non-customer as well as customer information. Enforcement is limited to functional regulators
Latest Update S. 3568 was introduced on June 26, 2006 and referred to the Committee on Banking, Housing, and Urban Affairs.
 
Bill Number   H.R. 82
Title Social Security On-line Privacy Protection Act
Sponsor Rep. Rodney Frelinghuysen (R-NJ)
Summary H.R. 82 prohibits an interactive computer service from disclosing to a third party an individual's Social Security number or related personally identifiable information without the individual's prior informed written consent. The bill also requires such service to permit an individual to revoke any consent at any time.

This bill prohibits a second party with possession of an individual's personal information from disclosing that information to a third party without the individual's consent.
Latest Update Rep. Frelinghuysen introduced H.R. 82 on Jan. 4, 2005 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection. On February 4, 2005 it was then referred to the Subcommittee on Commerce, Trade and Consumer Protection.
 
Bill Number   H.R. 84
Title Online Privacy Protection Act of 2005
Sponsor Rep. Rodney Frelinghuysen (R-NJ)
Summary H.R. 84 requires the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 (age 13 and above) on the Internet. It makes it unlawful for an operator of a Web site or online service to collect, use, or disclose personal information concerning an individual in a manner that is in violation of prescribed regulations, requiring such operators to protect the confidentiality, security, and integrity of personal information it collects from such individuals. H.R. 84 also provides greater individual control over the collection and use of that information by creating a process for such individuals to consent to or limit the disclosure of such information. Additionally, H.R. 84 directs the FTC to provide incentives for efforts of self-regulation by operators to implement appropriate protections for such information. Finally, it authorizes the States to enforce such regulations by bringing actions on behalf of residents, requiring the State attorney general to first notify the FTC of such action.

This bill requires all websites asking for personal information to disclose to individuals what information is being collected and how the information will be utilized.
Latest Update Rep. Frelinghuysen introduced H.R. 84 on Jan. 4, 2005 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection. On February 4, 2005 it was then referred to the Subcommittee on Commerce, Trade and Consumer Protection.
 
Bill Number   H.R. 220
Title Identity Theft Prevention Act of 2005
Sponsor Rep. Ron Paul (R-TX)
Co-Sponsors Rep. Roscoe G. Bartlett (R-MD), Rep. Maurice D. Hinchey (D-NY), Rep. Lynn C. Woolsey (D-CA), Rep. Thaddeus G. McCotter (R-MI), Rep. Eleanor Holmes Norton (D-DC), Rep. Zach Wamp (R-TN)
Summary H.R. 220 Amends title II (Old Age, Survivors and Disability Insurance) of the Social Security Act and the Internal Revenue Code to prohibit using a Social Security account number except for specified Social Security and tax purposes. The bill also prohibits the Social Security Administration from divulging the Social Security account number of an individual to any Federal, State, or local government agency or instrumentality, or to any other individual. Conversely, no Federal, State, or local government agency or instrumentality may request an individual to disclose his Social Security account number on either a mandatory or a voluntary basis, among other prohibitions.

This bill requires the Federal government to issue new SS numbers within five years of the effective date of the bill; the new SS number will be used solely for social security issues, and the Federal government will cease using SS numbers to identify people. Individuals will have several ID numbers, each applicable to specific agencies.
Latest Update H.R. 220 was introduced on Jan. 4, 2005 by Rep. Paul. It was then referred to the Committee on Ways and Means and the Committee on Government Reform. On January 25, 2005 the Committee on Ways and Means then referred it to the Subcommittee on Social Security.
 
Bill Number   H.R. 1069
Title Notification of Risk to Personal Data Act
Sponsor Rep. Melissa Bean (D-IL)
Co-Sponsors There are 18 Co-Sponsors.
Summary This legislation prescribes notification procedures governing any agency, or person engaged in interstate commerce that owns or licenses electronic data containing personal information, following the discovery of a breach of security of the system containing such data. Furthermore, it amends the Gramm-Leach-Bliley Act to require a financial institution, at which a breach of personal information is reasonably believed to have occurred, to promptly notify each affected customer, each pertinent consumer reporting agency, the information clearinghouse established by the Federal Trade Commission (FTC) under this Act, and appropriate law enforcement agencies in any case in which the financial institution has reason to believe that the breach or suspected breach affects a large number of customers. It also requires any person that maintains personal information for or on behalf of a financial institution to notify promptly the financial institution of any case in which such customer information has been, or is reasonably believed to have been, breached.

In addition, the bill amends the Fair Credit Reporting Act to require a consumer reporting agency to maintain a fraud alert file with respect to any consumer upon receiving notice of a breach of personal information from: (1) an agency or person engaged in interstate commerce pursuant to this Act; or (2) a financial institution subject to the Gramm-Leach-Bliley Act. Finally, it authorizes State Attorneys General to bring civil actions in Federal district court to enforce this Act on behalf of the residents of the State and directs the FTC to establish and maintain a clearinghouse to collect and analyze information required under this Act.
Latest Update H.R. 1069 was introduced on March 3, 2005 and was referred to the Energy and Commerce Committee; the Committee on Government Reform; and the Financial Services Committee. On May 13, 2005 bill was referred to the Energy and Commerce Subcommittee on Financial Institutions and Consumer Credit, and the Financial Services Subcommittee on Commerce, Trade and Consumer Protection.
 
Bill Number   H.R. 1078
Title Social Security Number Protection Act of 2005
Sponsor Rep. Ed Markey (D-MA)
Co-Sponsors There are 19 Co-Sponsors.
Summary This bill amends title II (Old Age, Survivors and Disability Insurance) of the Social Security Act (SSA) to establish criminal penalties for the sale and purchase of the Social Security number and Social Security account number of any person, except in certain circumstances such as health, research, law enforcement, or emergency situations.
Latest Update H.R. 1078 was introduced on March 3, 2005 and on March 11, 2005 was referred to the Ways and Means Subcommittee on Social Security.  On March 14, 2005, it was referred to the Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection.
 
Bill Number   H.R. 1080
Title Information Protection and Security Act
Sponsor Rep. Ed Markey (D-MA)
Co-Sponsors There are 22 Co-Sponsors
Summary H.R. 1080 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, H.R. 1080 authorizes enforcement by FTC and allows individuals the right to private action against the brokers. H.R. 1080 is identical to S. 500.
Latest Update Introduced on March 3, 2005 and referred to the House Committee on Energy and Commerce; on March 14, 2005 it was then referred to the Subcommittee on Commerce, Trade and Consumer Protection.
 
Bill Number   H.R. 1263
Title Consumer Privacy Protection Act of 2005
Sponsor Rep. Cliff Stearns (R-FL), Rep. Rick Boucher (D-VA)
Summary This bill protects and enhances consumer privacy by instituting a number of requirements for data collection organizations, specifically to provide notification to consumers and to establish a privacy policy with respect to the collection, sale, disclosure for consideration, or use of the consumer's information.
Latest Update H.R. 1263 was introduced on March 10, 2005 and referred to the House Committee on International Relations and the House Energy and Commerce Committee.  On March 22, 2005, it was then referred to the E&C’s Subcommittee on Commerce, Trade and Consumer Protection.
 
Bill Number   H.R. 1745
Title Social Security Number Privacy and Identity Theft Prevention Act of 2005
Sponsor Rep. E. Clay Shaw, Jr. (R-FL)
Co-Sponsors There are 44 Co-Sponsors
Summary H.R. 1745 amends the Social Security Act to enhance Social Security account number privacy protections, to prevent fraudulent misuse of the Social Security account number, and to otherwise enhance protection against identity theft. Specifically, it:

(1) Specifies restrictions on the sale and display to the general public of Social Security account numbers (SSNs) (or any derivatives) by Federal, State, and local governments and bankruptcy case trustees.
(2) Prohibits the display of SSNs (or any derivatives) on checks issued for payment by such governments.
(3) Prohibits the Federal, State, or local government display of SSNs (or any derivatives) on employee identification cards or tags (IDs).
(4) Prohibits access to the SSNs of other individuals by prisoners employed by Federal, State, or local governments.
(5) Prohibits the selling, purchasing, or displaying of SSNs (with certain exceptions), or the obtaining or use of any individual's SSN to locate or identify such individual with the intent to physically injure or harm such individual or to use the individual's ID for any illegal purpose by any person

H.R. 1745 also subjects to the Fair Credit Reporting Act information regarding a consumer's SSN (and any derivative), and provides that any person who refuses to do business with an individual for refusing to disclose his or her SSN shall be considered to have committed an unfair or deceptive act or practice. Finally, the bill establishes civil and criminal penalties for violations of this Act, and enhanced penalties in cases of terrorism, drug trafficking, crimes of violence, or prior offenses.
Latest Update H.R. 1745 was introduced on April 20, 2005 and referred to the Committee on Ways and Means, Financial Services, and Energy and Commerce. On April 27, 2005, it was referred to the Ways and Means Subcommittee on Social Security; on May 13, 2005 it was referred to the House Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection, and on May 19, 2005 it was referred to the House Financial Services Subcommittee on Financial Institutions and Consumer Credit.
 
Bill Number   H.R. 3140
Title Consumer Data Security and Notification Act of 2005
Sponsor Rep. Melissa Bean (D-IL)
Co-Sponsors There are 16 Co-Sponsors.
Summary This bill expands the protections for sensitive personal information in Federal law to cover the information collection and sharing practices of unregulated information brokers. In addition it enhances information security requirements for consumer reporting agencies and information brokers; and requires consumer reporting agencies, financial institutions, and other entities to notify consumers of data security breaches involving sensitive consumer information.
Latest Update H.R. 3140 was introduced on June 30, 2005 and was referred to the House Committee on Financial Services.
 
Bill Number   H.R. 3375
Title Financial Data Security Act of 2005
Sponsor Rep. Deborah Pryce (R-OH)
Co-Sponsors Rep. Michael N. Castle (R-DE), Rep. Dennis Moore (D-KS), Rep. Christopher Shays (D-CT)
Summary H.R. 3375 amends the Fair Credit Reporting Act to declare that each consumer reporting agency, reporting broker, or reporting collector (consumer reporter) has an obligation to maintain reasonable policies and procedures to protect the security and confidentiality of a consumer's sensitive financial account and identity information against any unauthorized use that is reasonably likely to result in substantial inconvenience or substantial harm to such consumer. The bill prescribes data security safeguards that include: (1) investigations to protect against identity theft and fraudulent transactions; (2) notification alerts to law enforcement agencies, functional regulatory agencies, and affected consumers; (3) investigation and notice requirements for third party agreements; and (4) financial fraud mitigation procedures that offer free file monitoring service for affected consumers.

Additionally, the bill requires the Secretary of the Treasury (Secretary), the Board of Governors of the Federal Reserve System (Board), and the Federal Trade Commission (FTC) jointly to prescribe regulations that shield a consumer reporter from liability under state common law for loss or harm to the consumer subsequent to such reporter's offer of the free file monitoring service. The bill cites conditions under which persons in compliance with the Gramm-Leach Bliley Act governing disclosure of nonpublic personal financial information shall be deemed to be in compliance with this Act. H.R. 3375 preempts state law with respect to the data security safeguards and financial fraud mitigation prescribed by this Act.
Latest Update H.R. 3375 was introduced on July 21, 2005 and referred to the House Committee on Financial Services.
 
Bill Number   H.R. 3997
Title Financial Data Protection Act of 2005
Sponsor Rep. Steve LaTourette (R-OH)
Co-Sponsors There are 12 Co-Sponsors.
Summary H.R. 3997 amends the Fair Credit Reporting Act to provide for secure financial data. Specifically, it requires consumer reporters to implement and maintain "reasonable policies and procedures" that protect sensitive financial personal information of consumers. If a breach occurs, the consumer reporter must promptly notify specific entities, and take measures to repair the breach and restore the security and confidentiality of the sensitive financial personal information, and take reasonable measures to restore the integrity of the affected data security safeguards.
Latest Update Introduced on October 6, 2005 and referred to the House Committee on Financial Services. On November 9, 2005 the Committee held a hearing and it was clear that there was not bi-partisan consensus on the bill. From the comments of Rep. Frank and Chairman Bachus certain provisions of H.R. 3140 may be considered prior to subcommittee mark-up of H.R. 3997. On March 16, 2006 H.R. 3997 was marked up and reported out with amendments. On May 24, 2006, HR 3997 was marked up by the Energy and Commerce Committee. Rep. Stearns offered an amendment in the form of a substitute bill that, following the enacting language, inserts the language from HR 4127. The Committee approved the substitute bill 42-0. On June 2, 2006, HR 3997 was reported out of committee and placed on the Legislative Calendar.
 
Bill Number   H.R. 4127
Title Data Accountability and Trust Act
Sponsor Rep. Cliff Stearns (R-FL)
Co-Sponsors Rep. Deborah Pryce (R-OH), Rep. Fred Upton (R-MI), Rep. George Radanovich (R-CA), Rep. Charles Bass (R-NH), Rep. Mary Bono (R-CA), Rep. Michael Ferguson (R-NJ), Rep. Marsha Blackburn (R-TN), Rep. Paul E. Gillmor (R-OH)
Summary H.R. 4127 would require the implementation of general security policies and procedures by all who own or possess electronic personal information. Entities which own or posses personal information must notify individuals if the entity determines that there is a reasonable basis to conclude there is a significant risk of identity theft. Use of encryption technology creates a presumption that there is no reasonable basis of risk. The FTC is given sole enforcement power of this act and it preempts all state laws and regulations that concern reasonable security measures or notification of security breach.
Latest Update H.R. 4127 introduced October 25, 2005 and was marked-up in the House Energy and Commerce Committee's subcommittee on Commerce, Trade and Consumer Protection on November 3. Subcommittee Chairman Stearns offered a number of manager amendments which were accepted. The bill was passed out of subcommittee although with no minority support. On March 29, 2006 it was passed out of full committee by a vote of 41-0. On March 29, 2006 it was passed out of full committee by a vote of 41-0. On May 24, 2006, the House Financial Services considered HR 4127, offered an amendment in the form of a substitute bill, and inserted the language from 3997. This amended bill was passed out of committee.
 
Bill Number   H.R. 5318
Title Cyber-Security Enhancement and Consumer Data Protection Act of 2006
Sponsor Rep. Jim Sensenbrenner, Jr. (R-WI)
Co-Sponsors Rep. Steve Chabot (R-OH), Rep. Howard Coble (R-NC), Rep. Tom Feeney (R-FL), Rep. Deborah Pryce (R-OH), Rep. Adam Schiff (D-CA), Rep. Lamar Smith (R-TX)
Summary H.R. 5318 would make it a crime to knowingly fail to report within 14 days major security breaches to the FBI or Secret Service that involve at least 10,000 consumers, federal databases or any contractor involved in national security matters or law enforcement. The bill would allow the FBI and the Secret Service to investigate significant data breaches before consumers are notified. If law enforcement determines that notice to consumers would impede or compromise an investigation, it could direct in writing within seven days that notice to consumers be delayed for up to 30 days. The attorney general would be authorized to pursue civil penalties of up to $1 million for knowing failure to report breaches. The bill would add computer crimes and data theft to the list of crimes that can be prosecuted under the Racketeer Influenced and Corrupt Organizations law. It would make it a crime to access certain types of identification information stored in computers that operate in interstate commerce. A total of $30 million would be authorized for each fiscal year through 2011 for the Secret Service, the Justice Department and the FBI to investigate and prosecute computer crimes.
Latest Update H.R. 5318 was introduced on May 9, 2006 and referred to the House Judiciary Committee’s Subcommittee on Crime, Terrorism and Homeland Security. The Subcommittee held a hearing on May 11, 2006 and marked up the bill on May 18, 2006. It was passed out of committee and sent to the full Judiciary Committee, where it was marked-up and passed out of committee on May 25, 2006.
 
Bill Number   H.R. 5636
Title Social Security Number Privacy and Protection Act
Sponsor Rep. Key Granger (R-TX)
Co-Sponsors Rep. Thomas Allen (D-ME), Rep. Michael Burgess (R-TX), Rep. Katherine Harris (R-FL), Rep. Sherrod Brown (D-OH), Rep. Ken Calvert (R-CA), Rep. Ron Paul (R-TX)
Summary This bill directs the Director of Selective Service to alter the form of the Selective Service reminder mailback card, or the method by which the card is submitted to the Selective Service System, to reduce the risk of theft of Social Security account numbers included as part of the identifying information required from persons presenting themselves for registration under the Military Selective Service Act. HR 5636 also amends title XVIII (Medicare) of the Social Security Act (SSA) to eliminate the Social Security account number from Medicare, Medicaid (SSA title XIX), and SCHIP (SSA title XXI (State Children's Health Insurance) identification cards. It also amends federal veterans' benefits law to eliminate the Social Security account number from veterans’ health care identification cards issued by the Department of Veterans Affairs. Finally, this bill expresses the sense of Congress that health insurers should not use Social Security account numbers on insurance identification or claims cards issued to beneficiaries, but should substitute another identification code or number instead.
Latest Update H.R. 5636 was introduced on June 16, 2006 and referred to the following committees: Armed Services, Energy and Commerce, Veterans' Affairs, Ways and Means.
 
Bill Number   NEW! H.R. 5783
Title Unknown.
Sponsor Rep. Brian Bilbray (R-CA)
Summary H.R. 5783 is aimed to improve the security of sensitive personal data processed or maintained by the secretary of Veterans Affairs.
Latest Update H.R. 5783 was introduced on July 13, 2006 and referred to the House Committee on Veterans’ Affairs.
Internet
Bill Number   H.R. 214
Title Internet Communications Services Act of 2005
Sponsor Rep. Cliff Stearns (R-FL)
Co-sponsor Rep. Rick Boucher (D-VA)
Summary Promotes deployment of and investment in advanced Internet communications services; gives the Federal Communications Commission (FCC) exclusive authority regarding advanced Internet communications services, allowing the FCC to impose specific requirements or obligations on providers of advanced Internet communications voice service.
Latest Update Introduced on January 14, 2005; referred on February 4, 2005 to the House Subcommittee on Telecommunications and the Internet.
Internet Security, Safety and Ethics
Bill Number   S. 3499
Title Internet Safety (Stop Adults Facilitating the Exploitation of Youth) Act of 2006
Sponsor Sen. John Kyl (R-AZ)
Co-sponsor Sen. George Allen (R-VA), Sen. Sam Brownback (R-KS), Sen. Conrad Burns (R-MT), Sen. John Cornyn (R-TX), Sen. Mike DeWine (R-OH), Sen. Chuck Grassley (R-IA), Sen. Kay Bailey Hutchison (R-TX), Sen. Olympia Snowe (R-ME)
Summary S. 3499 makes it a Federal offense to financially facilitate access to child pornography on the Internet; mandates penalties for Web site operators who insert words or images into their internet source codes with the intent to deceive persons into viewing obscene material on the internet; and requires commercial Web site operators to place warning marks prescribed by the Federal Trade Commission on Web pages that contain sexually explicit material.
Latest Update S. 3499 was introduced on June 13, 2006 and referred to the Committee on the Judiciary.
 
Bill Number   H.R. 5319
Title Deleting Online Predators Act of 2006
Sponsor Rep. Michael Fitzpatrick (R-PA)
Co-sponsor There are 28 co-sponsors.
Summary This bill allows schools to monitor the online activities of minors and would require both schools and libraries to employ technology to restrict access to commercial social networking websites and chat rooms so that minors, without parental consent, will be unable to access such websites.
Latest Update HR 5319 was introduced on May 9, 2006 and referred to the House Committee on Energy and Commerce. On May 15, 2006, it was then referred to the Subcommittee on Telecommunications and the Internet.
 
Bill Number   NEW! H.R. 5749
Title Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act (SAFETY) of 2006
Sponsor Rep. Mark Foley (R-FL)
Co-sponsor Rep. Michael Fitzpatrick (R-PA)
Summary H.R. 5749 creates new penalties for operators of child pornography Web sites and holds Internet and financial companies accountable for pornography transactions. The bill also provides victims with new avenues to seek civil damages from pornographers.
Latest Update Introduced on July 10, 2006 and referred to the House Committee on the Judiciary.
Homeland Security
Bill Number   S. 140
Title Domestic Defense Fund Act of 2005
Sponsor Senator Hillary Clinton (D-NY)
Co-sponsor Sen. Charles E. Schumer (D-NY)
Summary S. 140 provides for a domestic defense fund to improve the Nation's homeland defense by authorizing the Secretary of Homeland Security to award grants to States, units of local government, and Indian tribes for homeland security development. The grant awardees are required to develop a homeland security plan identifying both short- and long-term homeland security needs, among other items. 70 percent of grant funds are required to be allocated among metropolitan cities and urban counties based on the Secretary's calculations of various infrastructure vulnerabilities and threats such as proximity to international borders, nuclear or other energy facilities, air, rail or water transportation, and national icons and Federal buildings.
Latest Update Senator Hillary Clinton introduced S. 140 on January 24, 2005. It was referred to the Senate Committee on Homeland Security and Governmental Affairs, where introductory remarks were made on February 15, 2005.
 
Bill Number   H.R. 91
Title Smarter Funding for All of America's Homeland Security Act of 2005
Sponsor Rep. Rodney P. Frelinghuysen (R-NJ)
Co-Sponsors There are 11 Co-Sponsors
Summary H.R. 91 modifies the DHS grant program, authorizing the Secretary of Homeland Security to make grants to first responders. One new criterion will be "Threats to major communications nodes, including cyber and telephonic nodes."
Latest Update Introduced on January 4, 2005 and referred to the Committee on Homeland Security (Select) and also the Committees on Transportation and Infrastructure, the Judiciary, and Energy and Commerce; on February 25, 2005 it was then referred to the Subcommittee on Health. Referred to the Subcommittee on Emergency Preparedness, Science, and Technology on March 9, 2005.
 
Bill Number   NEW! H.R. 5785
Title A bill to establish a unified national hazard alert system, and for other purposes
Sponsor Rep. John Shimkus (R-IL)
Co-Sponsors There are 10 Co-Sponsors
Summary H.R. 5785 creates a unified national hazard alert system. The bill would modernize the nation's alert system across all means of technology, including wireless devices, the Internet, television, radio and public warning systems.
Latest Update Introduced on July 13, 2006 and referred to the House Committee on Energy and Commerce.
Healthcare
Bill Number   S. 1223
Title Information Technology for Health Care Quality Act
Sponsor Senator Christopher Dodd (D-CT)
Co-sponsor Sen. Jim Jeffords (I-VT)
Summary Amends the Public Health Service Act to improve the quality and efficiency of health care delivery through improvements in health care information technology. It establishes within the executive office of the President an Office of Health Information Technology, which will be headed by a Director appointed by the President. The Office will develop a national strategy for improving the quality and enhancing the efficiency of health care through the improved use of health information technology and the creation of a National Health Information Infrastructure, and serve as the principle advisor to the President concerning health information technology.
Latest Update S. 1223 was introduced on June 9, 2005 and referred to the Senate Committee on Health, Education, Labor, and Pensions.
 
Bill Number   S. 1262
Title Technology to Enhance Quality Act of 2005 (Health TEQ)
Sponsor Senator Bill Frist (R-TN)
Co-Sponsors There are 15 Co-Sponsors
Summary The Health Technology to Enhance Quality Act of 2005 implements health information technology standards that would guide the design and operation of interoperable health information systems. The legislation codifies the Office of National Coordinator for Information Technology and establishes standards for the electronic exchange of health information. The bill also authorizes grants to local and regional consortiums to implement health information technology infrastructure that is compliant with national standards and establishes measures to assess the quality of care. Finally, it establishes standard quality measures to better assess the value of federal programs.
On June 16, 2005 Senators Frist and Clinton introduced the "Health Technology to Enhance Quality Act of 2005" (Health TEQ), which creates an interoperable health information technology (IT) system through the adoption of standards that will help reduce costs, enhance efficiency and improve overall patient care.
Latest Update Introduced on June 16, 2005 and referred to the Committee on Health, Education, Labor, and Pensions. On July 18, 2005 and July 21, 2005 introductory remarks were made. Elements of S. 1262 and S. 1355 were rolled into S. 1418, and on November 18, 2005 it was passed in the Senate. S. 1418 codifies the Office of the National Coordinator of Health Information Technology.
 
Bill Number   S. 1418
Title Wired for Health Care Quality Act
Sponsor Senator Michael B. Enzi (R-WY)
Co-Sponsors There are 38 Co-Sponsors
Summary Takes elements of S.1262 and S. 1355. Codifies the American Health Information Collaborative which is tasked with developing and implementing health information technology standards that will guide the design and operation of interoperable health information systems; also codifies the Office of National Coordinator for Information Technology and establishes standards for the electronic exchange of health information. The bill also authorizes grants to local and regional consortiums to implement health information technology infrastructure that is compliant with national standards and establishes measures to assess the quality of care. Finally, it establishes standard quality measures to better assess the value of federal programs. On July 18, Senator Enzi introduced the Wired for Health Care Quality act and offered it as a substitute amendment in the Committee on Health Education, Labor and Pensions.
Latest Update Introduced on July 27, 2005 it was passed out of the Senate on November 18 and referred to the House Committee on Energy and Commerce. Referred to the Subcommittee on Health on December 16, 2005.
 
Bill Number   H.R. 2234
Title The 21st Century Health Information Act of 2005
Sponsor Rep. Tim Murphy (R-PA)
Co-Sponsors There are 40 Co-Sponsors
Summary HR 2234 authorizes the Secretary of Health and Human Services (HHS) to create grants that will assist in establishing regional health information organizations; these organizations will create a network of integrated health information technology. The bill contains no explicit security standards, but requires each recipient of an HHS grant to submit a plan detailing the proposed network and how the network will be supported and secured. H.R. 2234 places itself squarely within the confines of HIPAA's privacy and security rules, so there are no new standards; however it does include language regarding certification the systems will require prior to being eligible for purchase with government grant money. Also of note, the bill requires the operators of these regional health information organizations to report both to the secretary of HHS and to the individual affected if personally identifiable information is compromised or if unauthorized access occurs. The operator must report the conditions of such unauthorized access to the Secretary but merely notify the individual.
Latest Update HR 2234 was introduced on May 10, 2005 and then referred to the Committee on Energy and Commerce and the Committee on Ways and Means. On May 23, 2005 the Committee on Energy and Commerce referred the bill to the Subcommittee on Health. On November 4, 2005 introductory remarks were made.
 
Bill Number   H.R. 2762
Title Demonstration Project: Internet-Based Submission Form
Sponsor Rep. Rob Andrews (D-NJ)
Summary Directs the Secretary of Health and Human Services to implement a three-year demonstration project to provide for the use of the Internet for the electronic submission of claims by providers of services under the Medicare program for which the HCFA-1500 claim form is utilized.
Latest Update On June 7, 2005, H.R. 2762 was introduced and referred to the Committee on Ways and Means, and the Committee on Energy and Commerce. On June 17, 2005 the Committee on Energy and Commerce then referred the bill to the Subcommittee on Health.
 
Bill Number   H.R. 4642
Title Wired for Health Care Quality Act
Sponsor Rep. Darrell E. Issa (R-CA)
Summary Codifies the American Health Information Collaborative which is tasked with developing and implementing health information technology standards that will guide the design and operation of interoperable health information systems; also codifies the Office of National Coordinator for Information Technology and establishes standards for the electronic exchange of health information. The bill also authorizes grants to local and regional consortiums to implement health information technology infrastructure that is compliant with national standards and establishes measures to assess the quality of care. Finally, it establishes standard quality measures to better assess the value of federal programs. The companion bill is S. 1418.
Latest Update On December 18, 2005, HR 4642 was introduced and referred to the House Committee on Energy and Commerce.  On January 3, 2006, it was then referred to the Subcommittee on Health.
 
Bill Number   HR 4157
Title Health Information Technology Promotion Act of 2005
Sponsor Rep. Nancy Johnson (R-CT)
Co-Sponsors There are 59 co-sponsors
Summary Codifies ONCHIT although does not specifically codify AHIC it does make mention of it as an advisory body and calls for a report from AHIC within two years of passage of this law as to standards for the HIT network and plans for a permanent advisory body including the role of the federal government within that body. Makes the ONCHIT the strategic planner for interoperable HIT, the coordinator of Federal Govt activities with regard to HIT. Interestingly enough there is authorization of appropriations for ONCHIT to undertake its duties but there are no provisions for federal grants or loans to create a nationwide interoperable HIT system. The bill contains all the boiler-plate anti-kickback language that is necessary when dealing with doctors potentially using larger health-care providers (i.e. hospitals) facilities. Interestingly enough this bill calls for a study to be done to determine the need for a National Health security and confidentiality standard.
Latest Update HR 4157 was introduced on 10/27/05 and referred to the House Energy and Commerce and House Ways and Means Committees.  On 11/4/2005, the bill was referred to the Energy and Commerce Committee’s Subcommittee on Health, where, on June 8, 2006 it was marked up and passed out of subcommittee.  On June 15, 2006, the full committee marked up and passed the bill of committee.
 
Bill Number   HR 4832
Title Electronic Health Information Technology Act of 2005
Sponsor Rep. William Lacy Clay (D-MO)
Co-Sponsors Rep. Jon Porter (R-NV)
Summary Creates a new position within HHS – The Chief Health Informatics Officer of the Health Information Technology which will replace ONCHIT and may at the Secretary’s discretion be filled by the current ONCHIT. Allows the CHIO to, among other things, develop HIT standards, create a plan to establish a national interoperable HIT system, oversee the administration of that plan and administer grants to facilitate the plan. Does not specify how the CHIO will develop standards other than through consultation with public and private stakeholders (presumably under AHIC or similar organization), although the CHIO shall recognize all of the standards developed by the Consolidated Health Informatics Council. Grants will be available for non-federal entities to implement the HIT standards, and non-compliance with these standards will result in a cut-off of federal funds to purchase HIT technology in the future. The bill also provides for federal loans to Health Care providers.
Latest Update Referred to the House Energy and Commerce and House Ways and Means Committees on March 1, 2006. On March 17, 2006, it was then referred to the Energy and Commerce Committee’s Subcommittee on Health.
 
Bill Number   HR 4859
Title Federal Family Health Information Technology Act of 2006
Sponsor Rep. Jon Porter (R-NV)
Co-Sponsors Rep. Dan Burton (R-IN), Rep. Wm. Lacy Clay (D-MO)
Summary Directs the contracts made with carriers of health insurance for federal employees and their families require that the carriers make available to the covered individuals' electronic health records that are consistent with the standards developed by ONCHIT. The records must be made available to the individuals who will be able to limit access to those records. The electronic health records shall be interoperable with other records provided by other carriers allowing for the transfer of individual records from one carrier to another. Each contract signed by OPM and the carrier shall require the carrier to create the records as well as a mechanism for individual access to those records as well as a method to transfer those records to another entity as directed by the individual. The bill also directs for OPM to establish the Federal Family Health Information Technology Trust Fund for the purpose to receive donations to be used to award grants to carriers which meet certain eligibility requirements to provide incentive to establish this system of standardized electronic health records.
Latest Update On March 2, 2006 this bill was referred to the House Committee on Government Reform.
 
IP and Telecom Services
Bill Number   S. 1063
Title I.P.-Enabled Voice Communications and Public Safety Act
Sponsor Senator Bill Nelson (D-FL)
Co-Sponsors Sen. Hillary Clinton (D-NY), Sen. Conrad Burns (D-MT), Sen. Olympia Snowe (R-ME), Sen. John Kerry (D-MA)
Summary S. 1063 requires all Internet telephone providers (VoIP) to connect emergency 911 calls made by their customers by requiring traditional telephone companies to give VOIP companies access to their 911 networks. Additionally, the bill requires VOIP companies to provide enhanced 911 services, allowing emergency personnel to determine physical locations of a call and other related information. The legislation states that any VOIP service provider that cannot comply with these requirements must give customers clear and conspicuous notice that 911 and E911 services are not available to them. This clear notice must be given when the customer purchases the service.
Latest Update On May 18, 2005 Senator Bill Nelson introduced S. 1063, the I.P.-Enabled Voice Communications and Public Safety Act. The bill was referred to the Committee on Commerce, Science, and Transportation. Rep. Bart Gordon of Tennessee introduced a companion bill in the House, H.R. 2418, on May 18, 2005. On November 2, 2005 the Committee on Commerce, Science, and Transportation ordered the bill to be reported out with an amendment in the nature of a substitute. On December 20, 2005 it was placed on the Senate Legislative Calendar.
 
Bill Number   S. 1504
Title Broadband Investment and Consumer Choice Act
Sponsor Sen. John Ensign (R-NV)
Co-Sponsors There are 16 Co-Sponsors.
Summary S. 1504 establishes a market-driven telecommunications marketplace, to eliminate government managed competition of existing communication service, and to provide parity between functionally equivalent services. Specifically, this bill prohibits any state or local government from regulating direct-to-home satellite services, and directs the Federal Communications Commission (FCC) to forbear from regulating mobile services unless determined necessary because of lack of competition or for the protection of public health and safety. It requires the FCC to prescribe regulations to promote: (1) competition and diversity in the multichannel video programming market; and (2) the continuing development of communications technologies. And S.1054 sets forth requirements for state- or locally-owned networks seeking to provide communications service and requires such governments to have an open bidding process allowing non-governmental entities to compete for the provision of such service.
Latest Update This bill was introduced on July 27, 2005 and referred to the Committee on Commerce, Science, and Transportation.
 
Bill Number   S. 2113
Title Digital Age Communications Act of 2005
Sponsor Sen. Jim DeMint (R-SC)
Co-Sponsor John Ensign (R-NV)
Summary S.2113 is designed to promote the widespread availability, integrity, reliability and efficiency of communications services through deregulation and market driven forces rather than direct government regulation. It presumes that economic regulation of communication services is unnecessary absent extraordinary circumstances. There are no provisions for cyber or network security absent the encouragement of innovation and competition through market based forces.
Latest Update This bill was introduced on December 15, 2005 and referred to the Committee on Commerce, Science and Transportation.
 
Bill Number   H.R. 214
Title Advanced Internet Communications Services Act of 2005
Sponsor Rep. Cliff Stearns (R-FL)
Co-sponsor Rep. Rick Boucher (D-VA)
Summary The bill aims to promote deployment of and investment in advanced Internet communications services. It gives the Federal Communications Commission (FCC) exclusive authority regarding advanced Internet communications services, allowing the FCC to impose specific requirements or obligations on providers of advanced Internet communications voice service.
Latest Update Rep. Stearns introduced this bill on January 14, 2005 and on February 4, 2005 it was referred to House Subcommittee on Telecommunications and the Internet.
 
Bill Number   H.R. 2418
Title I.P.-Enabled Voice Communications and Public Safety Act
Sponsor Rep. Bart Gordon (D-TN)
Co-Sponsors There are 34 Co-Sponsors.
Summary H.R. 2418 requires all Internet telephone providers (VoIP) to connect emergency 911 calls made by their customers by requiring traditional telephone companies to give VOIP companies access to their 911 networks. Additionally, the bill requires VOIP companies to provide enhanced 911 services, allowing emergency personnel to determine physical locations of a call and other related information. The legislation states that any VOIP service provider that cannot comply with these requirements must give customers clear and conspicuous notice that 911 and E911 services are not available to them. This clear notice must be given when the customer purchases the service.
Latest Update May 18, 2005 Rep. Bart Gordon introduced HR 2418, the I.P.-Enabled Voice Communications and Public Safety Act. The bill was introduced in the House Energy and Commerce Committee, which has jurisdiction over telecommunications, as well as Internet, issues. On June 3, 2005 it was then referred to the Subcommittee on Telecommunications and the Internet. Senator Bill Nelson of Florida introduced a companion bill in the Senate, S. 1063, on May 19, 2005.
 
Bill Number   H.R. 4569
Title Digital Transition Content Security Act of 2005
Sponsor James Sensenbrenner (R-WI)
Co-Sponsors John Conyers (D-MI), Rep. Howard Coble (R-NC)
Summary Requires analog conversion devices to preserve digital content copyright security measures.
Latest Update Introduced on December 16, 2005 and referred to the House Judiciary Committee’s Subcommittee on Courts, the Internet, and Intellectual Property.
Control Systems
 
Bill Number   S. 1995
Title Wastewater Treatment Works Security Act of 2005
Sponsor Sen. James M. Jeffords (I-VT)
Co-Sponsors Sen. Frank R. Lautenberg (D-NJ), Sen. Barbara Boxer (D-CA), Sen. Barack Obama (D-IL)
Summary S.1995 enhances the security of wastewater treatment works.
Latest Update S.1995 was introduced on November 10, 2005; introductory remarks were made, and it was referred to the Committee on Environment and Public Works.
 
Bill Number   S. 2145
Title Chemical Facility Anti-Terrorism Act of 2005
Sponsor Sen. Susan Collins (R-ME)
Co-Sponsors Sen. Norm Coleman (R-MN); Sen. Thomas Carper (D-DE); Sen. Jon Corzine (D-NJ); Sen. Carl Levin (D-MI) and Sen. Joseph Lieberman (D-CT)
Summary This legislation would direct the Department of Homeland Security to establish criteria for evaluating the vulnerability of chemical facilities to terrorist attack and establish risk-based tiers for facilities deemed in need of protection. These regulations will require facilities to conduct vulnerability assessments and to establish appropriate security and emergency response plans. Includes language that requires "electronic, computer or otherwise automated systems which are used by the chemical source" to be included in the vulnerability assessments.
Latest Update Introduced December 19, 2005 and referred to the Senate Committee on Homeland Security and Governmental Affairs. On June 14, 2006, S. 2145 was marked up, and on June 15, 2006, it was reported out of committee with an amendment in the nature of a substitute bill.
 
Bill Number   NEW! S. 3634
Title Spent Nuclear Fuel Control and Accounting Act of 2006
Sponsor Sen. Jim Jeffords (I-VT)
Co-Sponsors Sen. Patrick Leahy (D-VT)
Summary This bill would improve the material control and accounting and data management systems used by civilian nuclear power reactors to better account for spent nuclear fuel, and reduce the risks associated with the handling of those materials. H.R. 5761 is the companion bill.
Latest Update Introduced on July 11, 2006 and referred to the Senate Committee on Environment and Public Works.
 
Bill Number   H.R. 6  Bill passed and signed into law
Title Energy Policy Act of 2005
Sponsor Rep. Joe Barton (R-TX)
Summary H.R. 6 sets forth an energy research and development program, including: (1) energy efficiency; (2) renewable energy; (3) oil and gas; (4) coal; (5) Indian energy; (6) nuclear matters and security; (7) vehicles and motor fuels, including ethanol; (8) hydrogen; (9) electricity; and (10) energy tax incentives. Two prevalent cyber security-related measures in this bill include: a provision for the President, the Nuclear Regulatory Commission, and other appropriate Federal, State, and local agencies and private entities, to conduct a study of nuclear facility threats, including an assessment of physical, cyber, biochemical, and other terrorist threats; and an amendment regarding electric reliability standards, which is defined as providing for reliable operation of bulk-power system facilities, including cybersecurity protection. In reference to electric reliability standards, H.R. 6 includes cybersecurity threats when defining “reliable operation” to mean: “operating the elements of the bulk-power system within equipment and electric system thermal, voltage, and stability limits so that instability, uncontrolled separation, or cascading failures of such system will not occur as a result of a sudden disturbance, including a cybersecurity incident, or unanticipated failure of system elements.” And finally, “cybersecurity incident” is defined as “a malicious act or suspicious event that disrupts, or was an attempt to disrupt, the operation of those programmable electronic devices and communication networks including hardware, software and data that are essential to the reliable operation of the bulk power system.”
Latest Update On April 18, H.R. 6 was introduced and referred to the following Committees: Energy and Commerce; Education and the Workforce; Financial Services; Agriculture; Resources; Science; Ways and Means; and Transportation and Infrastructure. The House Energy and Commerce Committee then referred it to the Subcommittee on Energy and Air Quality, and the House Resources Committee held Committee Consideration and Mark-up Session on April 13, prior to introduction. On April 19, the Rules Committee Resolution (H. Res. 219) was reported to the House, which subsequently passed the House on April 20. On April 20 and 21, the House debated several amendments, passed by a vote of 249-183, and on April 26, it was received in the Senate. On June 9, H.R. 6 was placed on the Senate Legislative Calendar. It appears that the companion bill in the Senate, S. 10, does not contain any provisions relating to cyber security.

On June 14, 2005 the Senate received the bill, and on June 28, 2005 it passed by a vote of 85-12. A conference was held in late July to reconcile H.R. 6 and S. 10 and the bill was signed into law by the President on August 8, 2005.
 
Bill Number   H.R. 4602
Title Nuclear Security Act of 2005
Sponsor Rep. Nita Lowey (D-NY)
Co-Sponsor Rep. Maurice Hinchey (D-NY)
Summary Amends the Atomic Energy Act of 1954 and the Energy Reorganization Act of 1974 to strengthen security at sensitive nuclear facilities. There are no specific references to cyber security protection, however, the bill states that the Commission shall establish a nuclear security force that will, in turn, develop and implement a security plan to ensure the security of all sensitive nuclear facilities against the design basis threat. Some protective measures will include: designs of critical control systems at each sensitive nuclear facility; restricted personnel access to each sensitive nuclear facility; perimeter site security, internal site security, and fire protection barriers; and background security checks for employees and prospective employees.
Latest Update H.R. 4602 was introduced on December 16, 2005 referred to the Subcommittee on Energy and Air Quality on January 3 2006.
 
Bill Number   NEW! H.R. 5695
Title Chemical Facility Anti-Terrorism Act of 2006
Sponsor Rep. Dan Lungren (R-CA)
Co-Sponsors There are ten co-sponsors
Summary H.R. 5695 creates a risk-based system to rank chemical plants and require companies to create security plans to address the plants’ vulnerabilities. The bill would mandate penalties for disclosure of records related to the facility’s security by government officials. It would require imprisonment of at least one year for such disclosure. H.R. 5695 would increase the requirement for terrorist training exercises at the facilities, by deleting language that called for training to be done only during “heightened” periods of threat. In addition, the bill would empower the Homeland Security Department to enforce penalties for non-compliance. This bill includes language CSIA offered to the Senate version that broadens the definition of "vulnerability."
Latest Update H.R. 5695 was introduced on June 28, 2006. It was then referred to the Committee on Homeland Security’s Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity, and the Committee on Energy and Commerce. On July 11, 2006, the subcommittee marked up the bill and forwarded it to the Full Committee.
 
Bill Number   NEW! H.R. 5761
Title Spent Nuclear Fuel Control and Accounting Act of 2006
Sponsor Rep. Bernie Sanders (I-VT)
Summary This bill would improve the material control and accounting and data management systems used by civilian nuclear power reactors to better account for spent nuclear fuel, and reduce the risks associated with the handling of those materials. S. 3634 is the companion bill.
Latest Update H.R. 5761 was introduced on July 11, 2006 and referred to the House Committee on Energy and Commerce.